Trojaner-Board - Trojaner TR/Bublik.I.16, TR/Bublik.I.12 und EXP/CVE-2012-1723.PD

Hallo!
Habe heute einen kompletten Systemscan mit Avira gemacht, nachdem der Echtzeitscan von Avira Alarm geschlagen hat.
Es wurden 3 Dateien gefunden und Avira hat diese in Quarantäne verschoben

Log:

Code:



Avira Free Antivirus

Erstellungsdatum der Reportdatei: Montag, 24. Juni 2013  11:47
 
 

Das Programm läuft als uneingeschränkte Vollversion.

Online-Dienste stehen zur Verfügung.
 

Lizenznehmer   : Avira Free Antivirus

Seriennummer   : 0000149996-ADJIE-0000001

Plattform      : Windows 8

Windowsversion : (plain)  [6.2.9200]

Boot Modus     : Normal gebootet

Benutzername   : SYSTEM

Computername   : BJÖRN-LAPTOP
 

Versionsinformationen:

BUILD.DAT      : 13.0.0.3736    54853 Bytes  14.06.2013 14:40:00

AVSCAN.EXE     : 13.6.0.1722   634936 Bytes  24.06.2013 09:20:53

AVSCANRC.DLL   : 13.6.0.1550    62520 Bytes  24.06.2013 09:20:53

LUKE.DLL       : 13.6.0.1550    65080 Bytes  24.06.2013 09:21:19

AVSCPLR.DLL    : 13.6.0.1712    92216 Bytes  24.06.2013 09:20:53

AVREG.DLL      : 13.6.0.1550   247864 Bytes  24.06.2013 09:20:52

avlode.dll     : 13.6.2.1704   449592 Bytes  24.06.2013 09:20:50

avlode.rdf     : 13.0.1.18      26349 Bytes  21.06.2013 13:02:02

VBASE000.VDF   : 7.11.70.0   66736640 Bytes  04.04.2013 09:12:59

VBASE001.VDF   : 7.11.74.226  2201600 Bytes  30.04.2013 16:55:09

VBASE002.VDF   : 7.11.80.60   2751488 Bytes  28.05.2013 15:36:45

VBASE003.VDF   : 7.11.85.214  2162688 Bytes  21.06.2013 13:02:00

VBASE004.VDF   : 7.11.85.215     2048 Bytes  21.06.2013 13:02:00

VBASE005.VDF   : 7.11.85.216     2048 Bytes  21.06.2013 13:02:00

VBASE006.VDF   : 7.11.85.217     2048 Bytes  21.06.2013 13:02:00

VBASE007.VDF   : 7.11.85.218     2048 Bytes  21.06.2013 13:02:00

VBASE008.VDF   : 7.11.85.219     2048 Bytes  21.06.2013 13:02:01

VBASE009.VDF   : 7.11.85.220     2048 Bytes  21.06.2013 13:02:01

VBASE010.VDF   : 7.11.85.221     2048 Bytes  21.06.2013 13:02:01

VBASE011.VDF   : 7.11.85.222     2048 Bytes  21.06.2013 13:02:01

VBASE012.VDF   : 7.11.85.223     2048 Bytes  21.06.2013 13:02:01

VBASE013.VDF   : 7.11.85.224     2048 Bytes  21.06.2013 13:02:01

VBASE014.VDF   : 7.11.86.93    870400 Bytes  24.06.2013 09:20:43

VBASE015.VDF   : 7.11.86.94      2048 Bytes  24.06.2013 09:20:43

VBASE016.VDF   : 7.11.86.95      2048 Bytes  24.06.2013 09:20:43

VBASE017.VDF   : 7.11.86.96      2048 Bytes  24.06.2013 09:20:43

VBASE018.VDF   : 7.11.86.97      2048 Bytes  24.06.2013 09:20:43

VBASE019.VDF   : 7.11.86.98      2048 Bytes  24.06.2013 09:20:43

VBASE020.VDF   : 7.11.86.99      2048 Bytes  24.06.2013 09:20:43

VBASE021.VDF   : 7.11.86.100     2048 Bytes  24.06.2013 09:20:43

VBASE022.VDF   : 7.11.86.101     2048 Bytes  24.06.2013 09:20:43

VBASE023.VDF   : 7.11.86.102     2048 Bytes  24.06.2013 09:20:43

VBASE024.VDF   : 7.11.86.103     2048 Bytes  24.06.2013 09:20:43

VBASE025.VDF   : 7.11.86.104     2048 Bytes  24.06.2013 09:20:43

VBASE026.VDF   : 7.11.86.105     2048 Bytes  24.06.2013 09:20:43

VBASE027.VDF   : 7.11.86.106     2048 Bytes  24.06.2013 09:20:43

VBASE028.VDF   : 7.11.86.107     2048 Bytes  24.06.2013 09:20:44

VBASE029.VDF   : 7.11.86.108     2048 Bytes  24.06.2013 09:20:44

VBASE030.VDF   : 7.11.86.109     2048 Bytes  24.06.2013 09:20:44

VBASE031.VDF   : 7.11.86.112     2048 Bytes  24.06.2013 09:20:44

Engineversion  : 8.2.12.66 

AEVDF.DLL      : 8.1.3.4       102774 Bytes  13.06.2013 14:11:48

AESCRIPT.DLL   : 8.1.4.124     487806 Bytes  20.06.2013 08:44:23

AESCN.DLL      : 8.1.10.4      131446 Bytes  26.03.2013 18:12:01

AESBX.DLL      : 8.2.5.12      606578 Bytes  28.08.2012 15:58:06

AERDL.DLL      : 8.2.0.128     688504 Bytes  13.06.2013 14:11:48

AEPACK.DLL     : 8.3.2.24      749945 Bytes  20.06.2013 08:44:23

AEOFFICE.DLL   : 8.1.2.60      205181 Bytes  18.06.2013 17:03:52

AEHEUR.DLL     : 8.1.4.426    5951866 Bytes  20.06.2013 08:44:22

AEHELP.DLL     : 8.1.27.2      266617 Bytes  04.06.2013 15:47:33

AEGEN.DLL      : 8.1.7.4       442741 Bytes  08.05.2013 13:03:06

AEEXP.DLL      : 8.4.0.34      201079 Bytes  04.06.2013 15:47:43

AEEMU.DLL      : 8.1.3.2       393587 Bytes  19.09.2012 13:42:55

AECORE.DLL     : 8.1.31.2      201080 Bytes  19.02.2013 13:57:26

AEBB.DLL       : 8.1.1.4        53619 Bytes  05.11.2012 14:00:38

AVWINLL.DLL    : 13.6.0.1550    23608 Bytes  24.06.2013 09:20:40

AVPREF.DLL     : 13.6.0.1550    48184 Bytes  24.06.2013 09:20:51

AVREP.DLL      : 13.6.0.1550   175672 Bytes  24.06.2013 09:20:52

AVARKT.DLL     : 13.6.0.1626   258104 Bytes  24.06.2013 09:20:45

AVEVTLOG.DLL   : 13.6.0.1550   164920 Bytes  24.06.2013 09:20:48

SQLITE3.DLL    : 3.7.0.1       397088 Bytes  19.09.2012 17:17:40

AVSMTP.DLL     : 13.6.0.1550    59960 Bytes  24.06.2013 09:20:55

NETNT.DLL      : 13.6.0.1550    13368 Bytes  24.06.2013 09:21:19

RCIMAGE.DLL    : 13.4.0.360   4780832 Bytes  28.11.2012 14:09:40

RCTEXT.DLL     : 13.6.0.1624    67128 Bytes  24.06.2013 09:20:40
 

Konfiguration für den aktuellen Suchlauf:

Job Name..............................: Vollständige Systemprüfung

Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\PROFILES\AVSCAN-20130624-114120-55AB0D22.avp

Protokollierung.......................: standard

Primäre Aktion........................: interaktiv

Sekundäre Aktion......................: ignorieren

Durchsuche Masterbootsektoren.........: ein

Durchsuche Bootsektoren...............: ein

Bootsektoren..........................: C:, D:, 

Durchsuche aktive Programme...........: ein

Laufende Programme erweitert..........: ein

Durchsuche Registrierung..............: ein

Suche nach Rootkits...................: ein

Integritätsprüfung von Systemdateien..: aus

Datei Suchmodus.......................: Alle Dateien

Durchsuche Archive....................: ein

Rekursionstiefe einschränken..........: 20

Archiv Smart Extensions...............: ein

Makrovirenheuristik...................: ein

Dateiheuristik........................: erweitert
 

Beginn des Suchlaufs: Montag, 24. Juni 2013  11:47
 

Der Suchlauf über die Masterbootsektoren wird begonnen:

Masterbootsektor HD0

    [INFO]      Es wurde kein Virus gefunden!
 

Der Suchlauf über die Bootsektoren wird begonnen:

Bootsektor 'C:\'

    [INFO]      Es wurde kein Virus gefunden!

Bootsektor 'D:\'

    [INFO]      Es wurde kein Virus gefunden!
 

Der Suchlauf nach versteckten Objekten wird begonnen.

Fehler in der ARK Library
 

Der Suchlauf über gestartete Prozesse wird begonnen:

Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht

Durchsuche Prozess 'nvvsvc.exe' - '32' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '24' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '84' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '169' Modul(e) wurden durchsucht

Durchsuche Prozess 'dwm.exe' - '48' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '65' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '116' Modul(e) wurden durchsucht

Durchsuche Prozess 'nvxdsync.exe' - '52' Modul(e) wurden durchsucht

Durchsuche Prozess 'nvvsvc.exe' - '60' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '66' Modul(e) wurden durchsucht

Durchsuche Prozess 'ASLDRSrv.exe' - '25' Modul(e) wurden durchsucht

Durchsuche Prozess 'GFNEXSrv.exe' - '15' Modul(e) wurden durchsucht

Durchsuche Prozess 'spoolsv.exe' - '68' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '49' Modul(e) wurden durchsucht

Durchsuche Prozess 'sched.exe' - '42' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '82' Modul(e) wurden durchsucht

Durchsuche Prozess 'armsvc.exe' - '26' Modul(e) wurden durchsucht

Durchsuche Prozess 'avguard.exe' - '73' Modul(e) wurden durchsucht

Durchsuche Prozess 'InsOnSrv.exe' - '35' Modul(e) wurden durchsucht

Durchsuche Prozess 'adminservice.exe' - '27' Modul(e) wurden durchsucht

Durchsuche Prozess 'fbguard.exe' - '27' Modul(e) wurden durchsucht

Durchsuche Prozess 'dashost.exe' - '53' Modul(e) wurden durchsucht

Durchsuche Prozess 'HeciServer.exe' - '25' Modul(e) wurden durchsucht

Durchsuche Prozess 'jhi_service.exe' - '28' Modul(e) wurden durchsucht

Durchsuche Prozess 'PnkBstrA.exe' - '29' Modul(e) wurden durchsucht

Durchsuche Prozess 'Ath_CoexAgent.exe' - '33' Modul(e) wurden durchsucht

Durchsuche Prozess 'avshadow.exe' - '27' Modul(e) wurden durchsucht

Durchsuche Prozess 'fbserver.exe' - '37' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '51' Modul(e) wurden durchsucht

Durchsuche Prozess 'HControl.exe' - '42' Modul(e) wurden durchsucht

Durchsuche Prozess 'InsOnWMI.exe' - '47' Modul(e) wurden durchsucht

Durchsuche Prozess 'Explorer.EXE' - '191' Modul(e) wurden durchsucht

Durchsuche Prozess 'wmiprvse.exe' - '26' Modul(e) wurden durchsucht

Durchsuche Prozess 'KBFiltr.exe' - '22' Modul(e) wurden durchsucht

Durchsuche Prozess 'DMedia.exe' - '32' Modul(e) wurden durchsucht

Durchsuche Prozess 'ATKOSD2.exe' - '36' Modul(e) wurden durchsucht

Durchsuche Prozess 'LiveComm.exe' - '80' Modul(e) wurden durchsucht

Durchsuche Prozess 'nvtray.exe' - '49' Modul(e) wurden durchsucht

Durchsuche Prozess 'DllHost.exe' - '31' Modul(e) wurden durchsucht

Durchsuche Prozess 'DllHost.exe' - '27' Modul(e) wurden durchsucht

Durchsuche Prozess 'SearchIndexer.exe' - '57' Modul(e) wurden durchsucht

Durchsuche Prozess 'RuntimeBroker.exe' - '42' Modul(e) wurden durchsucht

Durchsuche Prozess 'hkcmd.exe' - '27' Modul(e) wurden durchsucht

Durchsuche Prozess 'RAVCpl64.exe' - '43' Modul(e) wurden durchsucht

Durchsuche Prozess 'BtTray.exe' - '104' Modul(e) wurden durchsucht

Durchsuche Prozess 'BtvStack.exe' - '94' Modul(e) wurden durchsucht

Durchsuche Prozess 'avcenter.exe' - '84' Modul(e) wurden durchsucht

Durchsuche Prozess 'ACMON.exe' - '53' Modul(e) wurden durchsucht

Durchsuche Prozess 'AsusTPLoader.exe' - '33' Modul(e) wurden durchsucht

Durchsuche Prozess 'QuickGesture64.exe' - '28' Modul(e) wurden durchsucht

Durchsuche Prozess 'QuickGesture.exe' - '33' Modul(e) wurden durchsucht

Durchsuche Prozess 'AsusTPCenter.exe' - '65' Modul(e) wurden durchsucht

Durchsuche Prozess 'PDVD10Serv.exe' - '30' Modul(e) wurden durchsucht

Durchsuche Prozess 'brs.exe' - '26' Modul(e) wurden durchsucht

Durchsuche Prozess 'ACEngSvr.exe' - '45' Modul(e) wurden durchsucht

Durchsuche Prozess 'avgnt.exe' - '86' Modul(e) wurden durchsucht

Durchsuche Prozess 'igfxpers.exe' - '38' Modul(e) wurden durchsucht

Durchsuche Prozess 'jusched.exe' - '27' Modul(e) wurden durchsucht

Durchsuche Prozess 'ActivateDesktop.exe' - '37' Modul(e) wurden durchsucht

Durchsuche Prozess 'AsusTPHelper.exe' - '16' Modul(e) wurden durchsucht

Durchsuche Prozess 'IntelMeFWService.exe' - '23' Modul(e) wurden durchsucht

Durchsuche Prozess 'GoogleUpdate.exe' - '43' Modul(e) wurden durchsucht

Durchsuche Prozess 'LMS.exe' - '28' Modul(e) wurden durchsucht

Durchsuche Prozess 'daemonu.exe' - '64' Modul(e) wurden durchsucht

Durchsuche Prozess 'UNS.exe' - '65' Modul(e) wurden durchsucht

Durchsuche Prozess 'wmpnetwk.exe' - '83' Modul(e) wurden durchsucht

Durchsuche Prozess 'SearchProtocolHost.exe' - '40' Modul(e) wurden durchsucht

Durchsuche Prozess 'SearchFilterHost.exe' - '24' Modul(e) wurden durchsucht

Durchsuche Prozess 'avscan.exe' - '105' Modul(e) wurden durchsucht

Durchsuche Prozess 'vssvc.exe' - '36' Modul(e) wurden durchsucht

Durchsuche Prozess 'svchost.exe' - '27' Modul(e) wurden durchsucht

Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht

Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht

Durchsuche Prozess 'wininit.exe' - '15' Modul(e) wurden durchsucht

Durchsuche Prozess 'winlogon.exe' - '27' Modul(e) wurden durchsucht

Durchsuche Prozess 'services.exe' - '24' Modul(e) wurden durchsucht

Durchsuche Prozess 'lsass.exe' - '61' Modul(e) wurden durchsucht
 

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:

Die Registry wurde durchsucht ( '1614' Dateien ).
 
 

Der Suchlauf über die ausgewählten Dateien wird begonnen:
 

Beginne mit der Suche in 'C:\' <OS>

C:\Users\Björn\AppData\Local\Temp\tmp42c8efde\482.exe

  [FUND]      Ist das Trojanische Pferd TR/Bublik.I.16

C:\Users\Björn\AppData\Local\Temp\tmpd996f069\132.exe

  [FUND]      Ist das Trojanische Pferd TR/Bublik.I.12

C:\Users\Björn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\529d667b-4af6eee1

    [0] Archivtyp: ZIP

    --> Code$SystemClass.class

        [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2012-1723.PD

        [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden

Beginne mit der Suche in 'D:\' <Data>
 

Beginne mit der Desinfektion:

C:\Users\Björn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\529d667b-4af6eee1

  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2012-1723.PD

  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '54ad867b.qua' verschoben!

C:\Users\Björn\AppData\Local\Temp\tmpd996f069\132.exe

  [FUND]      Ist das Trojanische Pferd TR/Bublik.I.12

  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4fc1a9dd.qua' verschoben!

C:\Users\Björn\AppData\Local\Temp\tmp42c8efde\482.exe

  [FUND]      Ist das Trojanische Pferd TR/Bublik.I.16

  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1d9ef33a.qua' verschoben!
 
 

Ende des Suchlaufs: Montag, 24. Juni 2013  12:55

Benötigte Zeit:  1:07:06 Stunde(n)
 

Der Suchlauf wurde vollständig durchgeführt.
 

  40027 Verzeichnisse wurden überprüft

 731802 Dateien wurden geprüft

      3 Viren bzw. unerwünschte Programme wurden gefunden

      0 Dateien wurden als verdächtig eingestuft

      0 Dateien wurden gelöscht

      0 Viren bzw. unerwünschte Programme wurden repariert

      3 Dateien wurden in die Quarantäne verschoben

      0 Dateien wurden umbenannt

      0 Dateien konnten nicht durchsucht werden

 731799 Dateien ohne Befall

   6453 Archive wurden durchsucht

      1 Warnungen

      3 Hinweise

     82 Objekte wurden beim Rootkitscan durchsucht

      0 Versteckte Objekte wurden gefunden

Dann defogger ausgeführt:

Code:

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 13:10 on 24/06/2013 (Björn)
 

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.
 

Checking for services/drivers...
 
 

-=E.O.F=-

OTL.txt :

Code:

OTL logfile created on: 24.06.2013 13:12:06 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Björn\Desktop

64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16580)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

7,88 Gb Total Physical Memory | 6,29 Gb Available Physical Memory | 79,80% Memory free

9,07 Gb Paging File | 7,46 Gb Available in Paging File | 82,24% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 186,30 Gb Total Space | 77,93 Gb Free Space | 41,83% Space Free | Partition Type: NTFS

Drive D: | 258,44 Gb Total Space | 256,24 Gb Free Space | 99,15% Space Free | Partition Type: NTFS

 

Computer Name: BJÖRN-LAPTOP | User Name: Björn | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2013.06.24 13:10:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Björn\Desktop\OTL.exe

PRC - [2013.06.24 11:21:21 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2013.06.24 11:20:49 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

PRC - [2013.06.24 11:20:49 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2013.03.12 07:32:58 | 000,506,744 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

PRC - [2013.02.04 19:56:12 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2012.10.31 13:09:50 | 000,020,352 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe

PRC - [2012.09.29 20:18:26 | 000,323,584 | R--- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

PRC - [2012.09.17 11:27:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

PRC - [2012.09.14 15:14:16 | 000,328,064 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

PRC - [2012.09.11 18:06:52 | 000,184,704 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

PRC - [2012.09.11 16:01:34 | 000,107,192 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

PRC - [2012.09.11 16:01:30 | 000,192,000 | ---- | M] (ASUSTeK) -- C:\Windows\SysWOW64\ACEngSvr.exe

PRC - [2012.09.11 13:41:14 | 000,106,880 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

PRC - [2012.08.31 21:27:20 | 000,590,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe

PRC - [2012.07.17 18:54:20 | 000,178,848 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

PRC - [2012.07.17 11:10:32 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

PRC - [2012.07.17 11:10:30 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

PRC - [2012.07.17 11:10:24 | 000,128,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe

PRC - [2012.07.17 11:10:16 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

PRC - [2012.05.28 12:04:48 | 000,113,312 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

PRC - [2012.05.23 02:48:42 | 000,078,352 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe

PRC - [2012.04.13 12:14:00 | 000,277,120 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe

PRC - [2012.03.28 20:34:30 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

PRC - [2011.11.21 16:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

PRC - [2008.06.13 14:24:02 | 000,081,920 | ---- | M] (Firebird Project) -- C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe

PRC - [2008.06.13 14:22:50 | 002,723,840 | ---- | M] (Firebird Project) -- C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.09.11 16:01:28 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll

 

 
 ========== Services (SafeList) ==========

 

SRV:64bit: - [2013.04.09 06:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)

SRV:64bit: - [2013.03.02 04:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)

SRV:64bit: - [2013.03.02 04:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)

SRV:64bit: - [2013.02.02 10:21:45 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)

SRV:64bit: - [2013.01.29 03:57:14 | 000,014,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)

SRV:64bit: - [2013.01.10 01:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)

SRV:64bit: - [2013.01.10 01:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)

SRV:64bit: - [2012.11.06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)

SRV:64bit: - [2012.09.20 11:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)

SRV:64bit: - [2012.09.20 08:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)

SRV:64bit: - [2012.09.20 08:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)

SRV:64bit: - [2012.07.26 05:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)

SRV:64bit: - [2012.07.26 05:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)

SRV:64bit: - [2012.07.26 05:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)

SRV:64bit: - [2012.07.26 05:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)

SRV:64bit: - [2012.07.26 05:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)

SRV:64bit: - [2012.07.26 05:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)

SRV:64bit: - [2012.07.26 05:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)

SRV:64bit: - [2012.07.26 05:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)

SRV:64bit: - [2012.07.26 05:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)

SRV:64bit: - [2012.07.26 05:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)

SRV:64bit: - [2012.07.26 05:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)

SRV:64bit: - [2012.07.26 05:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)

SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)

SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)

SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)

SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)

SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)

SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)

SRV:64bit: - [2012.04.20 16:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)

SRV - [2013.06.24 11:21:21 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2013.06.24 11:20:49 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2013.05.04 01:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2013.02.28 19:09:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2013.02.04 19:56:12 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2012.11.06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)

SRV - [2012.09.29 21:01:56 | 000,220,288 | ---- | M] (Qualcomm Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)

SRV - [2012.09.29 20:18:26 | 000,323,584 | R--- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt and Wlan Coex Agent)

SRV - [2012.09.17 11:27:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2012.09.11 13:41:14 | 000,106,880 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)

SRV - [2012.08.31 04:35:20 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)

SRV - [2012.07.26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)

SRV - [2012.07.17 11:10:32 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2012.07.17 11:10:30 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2012.07.17 11:10:24 | 000,128,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)

SRV - [2012.07.17 11:10:16 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)

SRV - [2012.05.23 10:48:42 | 000,243,728 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)

SRV - [2012.04.13 12:14:00 | 000,277,120 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe -- (ASUS InstantOn)

SRV - [2011.11.21 16:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)

SRV - [2008.06.13 14:24:02 | 000,081,920 | ---- | M] (Firebird Project) [Auto | Running] -- C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)

SRV - [2008.06.13 14:22:50 | 002,723,840 | ---- | M] (Firebird Project) [On_Demand | Running] -- C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe -- (FirebirdServerDefaultInstance)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2013.04.09 07:27:43 | 000,284,424 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)

DRV:64bit: - [2013.03.29 22:58:01 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avipbb.sys -- (avipbb)

DRV:64bit: - [2013.03.29 22:58:01 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2013.03.29 22:58:01 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avkmgr.sys -- (avkmgr)

DRV:64bit: - [2013.03.02 12:57:48 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)

DRV:64bit: - [2013.03.02 12:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)

DRV:64bit: - [2013.03.02 12:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)

DRV:64bit: - [2013.03.02 12:45:19 | 000,194,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2013.03.02 12:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)

DRV:64bit: - [2013.02.02 13:19:44 | 000,446,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)

DRV:64bit: - [2013.02.02 09:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)

DRV:64bit: - [2013.01.29 03:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)

DRV:64bit: - [2013.01.29 01:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)

DRV:64bit: - [2013.01.10 03:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)

DRV:64bit: - [2012.11.27 05:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)

DRV:64bit: - [2012.11.20 06:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)

DRV:64bit: - [2012.11.06 05:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)

DRV:64bit: - [2012.10.31 13:09:56 | 000,061,824 | ---- | M] (ASUS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AsusTP.sys -- (ATP)

DRV:64bit: - [2012.10.12 10:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012.10.11 09:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)

DRV:64bit: - [2012.10.11 09:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)

DRV:64bit: - [2012.10.08 12:42:36 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\nvpciflt.sys -- (nvpciflt)

DRV:64bit: - [2012.09.29 20:43:20 | 000,033,944 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_bus.sys -- (BTATH_BUS)

DRV:64bit: - [2012.09.20 09:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)

DRV:64bit: - [2012.09.20 09:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)

DRV:64bit: - [2012.09.20 09:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2012.09.20 09:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2012.09.19 02:15:20 | 003,653,632 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athw8x.sys -- (athr)

DRV:64bit: - [2012.09.18 14:51:54 | 000,017,152 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AiCharger.sys -- (AiCharger)

DRV:64bit: - [2012.09.02 03:01:56 | 000,647,736 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)

DRV:64bit: - [2012.08.31 04:35:08 | 009,000,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2012.08.27 05:11:04 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)

DRV:64bit: - [2012.08.02 05:22:48 | 000,014,992 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kbfiltr.sys -- (kbfiltr)

DRV:64bit: - [2012.07.30 18:04:12 | 000,690,832 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)

DRV:64bit: - [2012.07.26 07:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012.07.26 07:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)

DRV:64bit: - [2012.07.26 07:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)

DRV:64bit: - [2012.07.26 07:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)

DRV:64bit: - [2012.07.26 07:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)

DRV:64bit: - [2012.07.26 07:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)

DRV:64bit: - [2012.07.26 07:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)

DRV:64bit: - [2012.07.26 07:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2012.07.26 07:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2012.07.26 07:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)

DRV:64bit: - [2012.07.26 07:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2012.07.26 07:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)

DRV:64bit: - [2012.07.26 07:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)

DRV:64bit: - [2012.07.26 07:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2012.07.26 07:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)

DRV:64bit: - [2012.07.26 07:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2012.07.26 07:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2012.07.26 06:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)

DRV:64bit: - [2012.07.26 06:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)

DRV:64bit: - [2012.07.26 06:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)

DRV:64bit: - [2012.07.26 05:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)

DRV:64bit: - [2012.07.26 04:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)

DRV:64bit: - [2012.07.26 04:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)

DRV:64bit: - [2012.07.26 04:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)

DRV:64bit: - [2012.07.26 04:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)

DRV:64bit: - [2012.07.26 04:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)

DRV:64bit: - [2012.07.26 04:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)

DRV:64bit: - [2012.07.26 04:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)

DRV:64bit: - [2012.07.26 04:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)

DRV:64bit: - [2012.07.26 04:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)

DRV:64bit: - [2012.07.26 04:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)

DRV:64bit: - [2012.07.26 04:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)

DRV:64bit: - [2012.07.26 04:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)

DRV:64bit: - [2012.07.26 04:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)

DRV:64bit: - [2012.07.26 04:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2012.07.26 04:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)

DRV:64bit: - [2012.07.26 04:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)

DRV:64bit: - [2012.07.26 04:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2012.07.26 04:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)

DRV:64bit: - [2012.07.26 04:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)

DRV:64bit: - [2012.07.26 04:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)

DRV:64bit: - [2012.07.26 04:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)

DRV:64bit: - [2012.07.02 09:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2012.06.13 12:24:00 | 000,252,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2012.06.02 16:34:37 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\agrsm64.sys -- (AgereSoftModem)

DRV:64bit: - [2012.06.02 16:31:50 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NETwNs64.sys -- (NETwNs64)

DRV:64bit: - [2012.06.02 16:31:38 | 000,333,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\e1i63x64.sys -- (e1iexpress)

DRV:64bit: - [2012.05.31 05:47:44 | 000,021,152 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AsHIDSwitch64.sys -- (HIDSwitch)

DRV - [2011.09.07 11:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)

DRV - [2009.07.02 19:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.net/"

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0a1

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

 

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 24.0a1\extensions\\Components: C:\PROGRAM FILES\NIGHTLY\COMPONENTS

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 24.0a1\extensions\\Plugins: C:\PROGRAM FILES\NIGHTLY\PLUGINS

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore

 

[2013.06.07 15:38:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Björn\AppData\Roaming\mozilla\Extensions

[2013.06.09 21:41:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Björn\AppData\Roaming\mozilla\Firefox\Profiles\o7rljfli.default\extensions

[2013.06.09 21:41:49 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Björn\AppData\Roaming\mozilla\firefox\profiles\o7rljfli.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

 
 ========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll

CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: Uplay PC (Enabled) = C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll

CHR - Extension: Google Docs = C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\

CHR - Extension: Google Drive = C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Google-Suche = C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: Battlefield Play4Free = C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh\1.0.96.0_0\

CHR - Extension: Google Mail = C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

 

O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts

O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)

O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)

O4:64bit: - HKLM..\Run: [BtTray] C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (Qualcomm Atheros)

O4:64bit: - HKLM..\Run: [BtvStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe (ASUS Cloud Corporation)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)

O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)

O4 - Startup: C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AsusTPLauncher - Verknüpfung.lnk = C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe (AsusTek)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{11DC610E-269B-4F76-A7DB-CBFB758D0859}: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56A97C74-4CAD-41E1-850E-506B76A221CA}: DhcpNameServer = 192.168.2.1

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)

O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O30 - LSA: Security Packages - (livessp) -  File not found

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013.06.24 13:10:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Björn\Desktop\OTL.exe

[2013.06.07 15:38:23 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Roaming\Mozilla

[2013.06.07 15:38:18 | 000,000,000 | ---D | C] -- C:\Program Files\Nightly

[2013.06.07 15:09:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2013.06.07 15:06:40 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Local\Deployment

[2013.06.07 15:06:40 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Local\Apps

[2013.06.07 13:04:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

[2013.06.07 00:37:14 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Roaming\Identities

[2013.06.07 00:36:49 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Roaming\Syehym

[2013.06.07 00:36:49 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Roaming\Nyhet

[2013.06.07 00:36:49 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Roaming\Inkued

[2013.05.28 11:15:07 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Local\Activision

 
 ========== Files - Modified Within 30 Days ==========

 

[2013.06.24 13:10:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Björn\Desktop\OTL.exe

[2013.06.24 13:10:22 | 000,000,000 | ---- | M] () -- C:\Users\Björn\defogger_reenable

[2013.06.24 13:02:58 | 000,050,477 | ---- | M] () -- C:\Users\Björn\Desktop\Defogger.exe

[2013.06.24 11:44:44 | 000,000,401 | ---- | M] () -- C:\Users\Björn\AppData\Roaming\sp_data.sys

[2013.06.24 11:44:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013.06.24 11:42:13 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys

[2013.06.24 11:42:04 | 2474,233,855 | -HS- | M] () -- C:\hiberfil.sys

[2013.06.24 11:21:30 | 000,083,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys

[2013.06.23 20:57:12 | 000,282,104 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr

[2013.06.23 20:57:12 | 000,282,104 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2013.06.23 20:57:04 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0

[2013.06.23 11:02:24 | 001,745,416 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013.06.23 11:02:24 | 000,753,134 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2013.06.23 11:02:24 | 000,710,244 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013.06.23 11:02:24 | 000,155,826 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2013.06.23 11:02:24 | 000,132,614 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013.06.21 09:18:17 | 000,002,002 | ---- | M] () -- C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AsusTPLauncher - Verknüpfung.lnk

[2013.06.20 14:07:52 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2013.06.07 15:38:19 | 000,000,864 | ---- | M] () -- C:\Users\Public\Desktop\Nightly.lnk

[2013.06.07 15:07:03 | 000,001,130 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013.06.07 14:37:18 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo

[2013.06.07 00:44:11 | 000,308,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013.05.27 17:37:11 | 000,000,221 | ---- | M] () -- C:\Users\Björn\Desktop\Call of Duty Black Ops - Multiplayer.url

 
 ========== Files Created - No Company Name ==========

 

[2013.06.24 13:10:22 | 000,000,000 | ---- | C] () -- C:\Users\Björn\defogger_reenable

[2013.06.24 13:03:00 | 000,050,477 | ---- | C] () -- C:\Users\Björn\Desktop\Defogger.exe

[2013.06.21 09:18:17 | 000,002,002 | ---- | C] () -- C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AsusTPLauncher - Verknüpfung.lnk

[2013.06.07 15:38:34 | 000,000,894 | ---- | C] () -- C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nightly.lnk

[2013.06.07 15:38:19 | 000,000,876 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nightly.lnk

[2013.06.07 15:38:19 | 000,000,864 | ---- | C] () -- C:\Users\Public\Desktop\Nightly.lnk

[2013.06.07 15:09:00 | 000,002,185 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2013.06.07 15:07:03 | 000,001,130 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013.06.07 14:37:18 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo

[2013.06.07 13:20:46 | 000,001,440 | ---- | C] () -- C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

[2013.06.07 00:44:04 | 000,308,656 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013.05.27 17:37:11 | 000,000,221 | ---- | C] () -- C:\Users\Björn\Desktop\Call of Duty Black Ops - Multiplayer.url

[2012.12.20 20:19:00 | 000,000,997 | ---- | C] () -- C:\Windows\eReg.dat

[2012.12.20 19:58:12 | 000,282,104 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2012.12.20 19:58:10 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2012.12.19 21:18:00 | 000,000,401 | ---- | C] () -- C:\Users\Björn\AppData\Roaming\sp_data.sys

[2012.11.12 13:59:56 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll

[2012.10.10 11:38:37 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin

[2012.10.10 11:38:13 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll

[2012.10.10 11:38:08 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin

[2012.08.17 02:52:29 | 000,024,576 | ---- | C] () -- C:\ProgramData\SetStretch.exe

[2012.08.17 02:52:28 | 000,000,217 | ---- | C] () -- C:\ProgramData\SetStretch.cmd

[2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2012.07.25 22:22:56 | 000,267,284 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin

[2012.07.25 22:22:54 | 000,963,376 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin

[2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2012.04.20 15:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

 
 ========== ZeroAccess Check ==========

 

[2013.01.27 14:26:19 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013.03.06 08:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013.03.06 07:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 
 ========== LOP Check ==========

 

[2013.05.03 17:35:11 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\.minecraft

[2012.12.19 21:18:04 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\ASUS WebStorage

[2013.06.24 11:40:49 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Inkued

[2013.06.23 11:19:20 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Nettalk

[2013.06.23 21:22:54 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Nyhet

[2012.12.30 14:22:04 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\OpenOffice.org

[2013.01.27 14:28:44 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\PunkBuster

[2013.04.27 19:52:24 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Red Alert 3

[2013.05.02 20:38:22 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\soft-evolution

[2013.06.07 00:36:49 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Syehym

[2013.05.02 20:22:27 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Thunderbird

[2013.05.19 22:53:05 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\TS3Client

 
 ========== Purity Check ==========

 

 
 

< End of report >

Extras.txt :

Code:

OTL Extras logfile created on: 24.06.2013 13:12:06 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Björn\Desktop

64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16580)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

7,88 Gb Total Physical Memory | 6,29 Gb Available Physical Memory | 79,80% Memory free

9,07 Gb Paging File | 7,46 Gb Available in Paging File | 82,24% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 186,30 Gb Total Space | 77,93 Gb Free Space | 41,83% Space Free | Partition Type: NTFS

Drive D: | 258,44 Gb Total Space | 256,24 Gb Free Space | 99,15% Space Free | Partition Type: NTFS

 

Computer Name: BJÖRN-LAPTOP | User Name: Björn | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Nightly\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{1DB30128-CAAD-4F65-BBC3-76D2694B774E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{2C764D02-DEEC-43CA-9EDD-46C0C8310A98}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{49745B49-D978-4302-A57A-C39A096A4D2A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{4AC1C9AA-B58D-43EF-B37F-DDCC7D38E7DD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{4F3D0493-1CB2-463B-90C6-36FB89AF81F3}" = rport=138 | protocol=17 | dir=out | app=system | 

"{58ACFE8D-EEAF-417F-82BF-FE2C835099C8}" = lport=445 | protocol=6 | dir=in | app=system | 

"{78CBA602-B953-43F9-A21B-2B086A54E8C4}" = rport=139 | protocol=6 | dir=out | app=system | 

"{7C73DD50-BFD0-4018-8CDA-C69FA428AB79}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{8CDB0A1E-5C7C-4A8D-BE02-07F6F93B3FB7}" = lport=137 | protocol=17 | dir=in | app=system | 

"{A86699EB-C040-4969-BA2A-EAABDDAD2BB3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{C31A9B3E-4439-4A0A-9EAF-312918FFAD38}" = lport=139 | protocol=6 | dir=in | app=system | 

"{C39CE29C-E3F7-4A0A-832B-74E05B56F4EF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{CF433284-E667-4647-A2FC-7E8D8C932BDD}" = lport=138 | protocol=17 | dir=in | app=system | 

"{E163E413-E00B-47AE-B442-A8F2BEC2A580}" = rport=445 | protocol=6 | dir=out | app=system | 

"{E1E99801-6AD9-4D1F-B1BC-5B1E8B3E02E2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{E30B4BFC-4CBA-4A43-B7F3-E40528662A44}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{E8220470-4DD4-4D19-ACF7-772C7FEEB091}" = rport=137 | protocol=17 | dir=out | app=system | 

"{ED05C51E-6049-46FF-BF05-637931318EA6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{F18DFBE0-8060-4057-B48A-0AE78550203A}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{F883DF13-5737-4009-A2A1-7B3559A5EB7B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{F91CE2C9-19BF-4571-B3C3-C6C09CB6263F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0257213F-81EA-49CE-B072-EF56B18E6B7B}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 

"{0531DB10-7211-4709-B430-41FF3A5EAA63}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 

"{09CB921B-6A6F-40A8-AE19-D207E5B1CE94}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{0AF466EA-9100-4FE2-92C4-0EB55B639BC3}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe | 

"{132ECEC3-EA2D-484E-872C-F313087E1F36}" = dir=in | name=pinball fx2 | 

"{1620D5C7-DFD8-4C81-BEEC-910F1E946C7C}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe | 

"{16781556-A2A1-4464-8EF1-6E7DE5BCD1B7}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 

"{19259529-4BB1-4999-A2EB-BCE898A39261}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{192A77A3-C923-4BDD-81DD-0A703B1687F8}" = dir=out | name=@{microsoft.xboxcompanion_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} | 

"{23DA068A-9079-427B-84F9-443BE7FCB3E4}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 

"{24A1E02C-F962-4541-B0C0-4EC9A0DCC8CB}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 

"{28FFA28B-EC67-4939-860E-B1EDFF254D52}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{37F34A18-C72B-489B-8B42-1333EAA9021D}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 

"{3BEFB895-6FEB-4DD6-A7F1-4BEF7868E189}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 

"{3FC44076-5F1F-49F2-BB69-94D8B0A4C39F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{42080DEE-8BD2-4D71-BCF8-655AED036704}" = dir=out | name=fresh paint | 

"{48411306-941C-4433-86CA-0A0EDDAFE8D6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 

"{49853FB6-6678-4DAD-B297-385E045DFD5E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 

"{4AAB38C9-AE21-424D-949C-3B120C9D32BE}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 

"{4B8F7EAE-8D20-4390-A9CB-F4790BED751F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | 

"{4C6882B8-E18B-4B55-9028-E8E04D207351}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{580C2B1B-6062-4B0A-8AB8-E12EA9C5639C}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 

"{58D492E4-FB44-4099-951A-046CDECD4CBB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{6090753C-39F9-4F77-864D-414102E323B3}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 

"{63BA8C6E-3085-42AD-8DD6-5E0746CF852A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{6773E072-BD21-47AC-8A0A-4C72F50D7993}" = dir=out | name=pinball fx2 | 

"{69742AA8-E211-4A93-98A3-9633D9F4D307}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{69F958A0-1D93-4ABF-B64C-E83EF92DBF54}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 

"{6F6BED0C-21E7-4874-9546-B190F63F69C6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{735D46E4-1F4E-4EC7-A0E4-03B7FB5FC7A8}" = dir=in | name=@{microsoft.xboxcompanion_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} | 

"{74156EAD-AF96-486E-90EF-AD08B71EF39B}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 

"{768B6232-DF36-4B26-B0D9-5A3EDD4D7B0E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{77D77137-2F23-41F5-B255-D6CA00983B62}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 

"{78AADF46-F9F8-405D-B8A7-AEBE1A20853B}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 

"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 

"{8167544A-7EE7-4A18-B9EB-409B703EF12D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 

"{81ADA9B8-2321-48DF-B89C-D11B8557EC87}" = dir=out | name=microsoft solitaire collection | 

"{8345FF6A-36E1-4C80-9015-E8C45539700C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 

"{85132256-41E7-42E3-8E1D-53A81FDB65CD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 

"{8998C43F-DCC2-49F5-BCAF-89AEEB5A731B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 

"{89E9AEA0-685B-4F94-96DD-F83F2BC2FFB2}" = dir=out | name=taptiles | 

"{8A8AC3C3-5EDE-4AA2-AFF4-9D4034B07805}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 

"{8F59D892-D0C3-4AEE-888C-E2A23A5CE61C}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 

"{90BD139E-63F2-4492-9ADE-B83DD384E44D}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe | 

"{9355C492-1C72-4999-AA07-D1EB0FCCE807}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 

"{96F9983D-5C52-49CE-AA1C-3693238D3720}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 

"{97ADC3D6-0FAE-42B2-B732-4BF40C432CA6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{99024631-F501-4D98-BD41-62FC30FD62A1}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 

"{9986A81A-DACE-42A4-94AE-647E20A096AB}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 

"{A0BEB4B6-6138-4E07-BE57-BFE0E95B8169}" = dir=out | name=windows_ie_ac_001 | 

"{A2F237B7-9B34-4127-AA97-33688CAFD1FD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{A8832A51-A1E7-4C89-865C-E0D338A7F3F1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{AE5D1A88-FEDD-4392-A7C1-DB87A4A259ED}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{B0668A07-E7BF-4763-856A-7E8959B00C03}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{B9EB4597-EE75-4DA2-B620-1F74A9B1BF00}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 

"{BE8BAC3B-0DB0-4A40-9BCA-E6E0E69A2F2C}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | 

"{C1522ABF-1260-43B1-949C-F58BEBA5441C}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 

"{C272666E-C60C-4EA8-B8FB-700929F3B944}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{C5D24E62-AE72-4DCF-9CFC-1721D3DA9474}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe | 

"{C73576E4-BEC7-43DE-806F-4BAEC1EF568A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{CCD95099-E1FA-48D7-9E0C-B7491DE5B1D6}" = protocol=6 | dir=out | app=system | 

"{CF1CC6E0-CFC5-46D4-88AA-9F7E13AC0295}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{CF5FF165-AE09-4BA8-9DC3-D8B3A4BE1515}" = dir=out | name=wordament | 

"{D13B4EE2-9300-48A4-A491-7763DF293014}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 

"{D1CFA937-FF75-48F0-AA64-91C449E62741}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 

"{D4E60113-FE05-440B-B6B5-1A27EC75BB7E}" = dir=out | name=adera | 

"{D942071F-5147-4868-BD64-37F144671C0E}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 

"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 

"{E7E06026-2292-427D-94BC-C7615C68EA5D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 

"{E955B10C-2EF6-4D0F-8554-A353BC362984}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 

"{EE01E28A-5D1A-4A0E-8120-A7739F6F66CA}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 

"{EE20C8BF-2343-41CE-8FE4-971A53654BF1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{EEEBDF30-19AB-4A2F-AF33-310C7BD5BF12}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 

"{F1CC9056-1CAF-496D-8B66-2ADF3123ED76}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 

"{F281421C-7F6F-4435-94C9-4194FB7E6C78}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 

"{FC90BCFF-06C8-42B4-9699-273BE5E871B9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 

"TCP Query User{191AB034-506F-46D9-98D4-198352886305}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 

"TCP Query User{9CEDD333-9565-48FC-B722-69DF29AB64A5}D:\programme\battlefield play 4 free\bfp4f.exe" = protocol=6 | dir=in | app=d:\programme\battlefield play 4 free\bfp4f.exe | 

"TCP Query User{A18940D8-FA9B-431B-A354-61D441072A28}C:\program files (x86)\sega\medieval ii total war\medieval2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sega\medieval ii total war\medieval2.exe | 

"TCP Query User{A7EA524C-D391-4FE6-BF92-327E3E03061A}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 

"TCP Query User{B53AC26B-162C-4217-ADE8-C476023E8385}C:\program files (x86)\thq\company of heroes\reliccoh.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe | 

"TCP Query User{B604E2B0-A91D-466A-9678-03F26FF75683}C:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe | 

"TCP Query User{BCB7B895-B968-461F-9F52-35E3C39BA34E}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 

"TCP Query User{F94E767E-47EB-4C1D-A6EA-F77F220A1987}C:\program files (x86)\electronic arts\alarmstufe rot 3\data\ra3_1.0.game" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\alarmstufe rot 3\data\ra3_1.0.game | 

"UDP Query User{32C8D364-1414-4CF7-BA73-337D4B4E9E9A}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 

"UDP Query User{37B7AB01-8FCD-4BA9-8BFC-7A389DD37F0A}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 

"UDP Query User{46846C52-0A1E-425A-B136-5019F9D4A157}D:\programme\battlefield play 4 free\bfp4f.exe" = protocol=17 | dir=in | app=d:\programme\battlefield play 4 free\bfp4f.exe | 

"UDP Query User{49D38696-0642-48C9-A2AB-A544C21AD2E1}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 

"UDP Query User{576C4140-F412-4C44-8BB9-9CF3A1E30318}C:\program files (x86)\sega\medieval ii total war\medieval2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sega\medieval ii total war\medieval2.exe | 

"UDP Query User{63947E43-C3D8-4984-AC46-09E6B7FE9828}C:\program files (x86)\electronic arts\alarmstufe rot 3\data\ra3_1.0.game" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\alarmstufe rot 3\data\ra3_1.0.game | 

"UDP Query User{6698244C-DC58-4CEE-98C6-9BBAF0543308}C:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe | 

"UDP Query User{F0DA1736-4445-453E-92CD-C9A6DF7A3F15}C:\program files (x86)\thq\company of heroes\reliccoh.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

"{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit)

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid

"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0613

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64

"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client

"19BB77B03643718D26B01876FD391DC93B189805" = Windows-Treiberpaket - ASUS (ATP) Mouse  (10/13/2012 1.0.0.146)

"C01F56FBD9B141017E63E2A1A141E59934D4DC67" = Windows-Treiberpaket - ASUS (ATP) Mouse  (10/29/2012 1.0.0.148)

"CCleaner" = CCleaner

"Nightly 24.0a1 (x64 en-US)" = Nightly 24.0a1 (x64 en-US)

"WinRAR archiver" = WinRAR 4.20 (64-Bit)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals

"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology

"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI

"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI

"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3

"{211DC3C2-07B5-4C1D-86FB-EE2860E620DD}" = S4 League_EU

"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1

"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI

"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21

"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros Client Installation Program

"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Alarmstufe Rot 3

"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4D3286A6-F6AB-498A-82A4-E4F040529F3D}" = ASUS Smart Gesture

"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3

"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI

"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI

"{58172D66-2F69-4215-9AEC-ED8196023736}" = ASUS Tutor

"{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components

"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{749F674B-2674-47E8-879C-5626A06B2A91}" = ASUS InstantOn

"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI

"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher

"{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}" = ASUS Instant Connect

"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI

"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}" = ASUS USB Charger Plus

"{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package

"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch

"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI

"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War

"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI

"{DC06C90B-C5BE-42F6-B74D-A9503170998C}" = ASUS Product Demo Movie 

"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = ASUSDVD

"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null 

"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update

"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"ASUS WebStorage" = ASUS WebStorage Sync Agent

"Avira AntiVir Desktop" = Avira Free Antivirus

"Company of Heroes" = Company of Heroes

"Diablo III" = Diablo III

"FBDBServer_2_1_is1" = Firebird 2.1.1.17910 (Win32)

"Google Chrome" = Google Chrome

"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals

"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = ASUSDVD

"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null 

"Nettalk_is1" = Nettalk 6.7

"PunkBusterSvc" = PunkBuster Services

"Steam App 42710" = Call of Duty: Black Ops - Multiplayer

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free (Björn)

"TeamSpeak 3 Client" = TeamSpeak 3 Client

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 24.06.2013 07:11:33 | Computer Name = Björn-Laptop | Source = Software Protection Platform Service | ID = 16385

Description = Fehler beim Planen des Softwareschutzdiensts für den erneuten Start

 bei 2113-05-31T11:11:33Z. Fehlercode: 0x80040154.

 

Error - 24.06.2013 07:12:03 | Computer Name = Björn-Laptop | Source = Software Protection Platform Service | ID = 16385

Description = Fehler beim Planen des Softwareschutzdiensts für den erneuten Start

 bei 2113-05-31T11:12:03Z. Fehlercode: 0x80040154.

 

Error - 24.06.2013 07:12:33 | Computer Name = Björn-Laptop | Source = Software Protection Platform Service | ID = 16385

Description = Fehler beim Planen des Softwareschutzdiensts für den erneuten Start

 bei 2113-05-31T11:12:33Z. Fehlercode: 0x80040154.

 

Error - 24.06.2013 07:13:03 | Computer Name = Björn-Laptop | Source = Software Protection Platform Service | ID = 16385

Description = Fehler beim Planen des Softwareschutzdiensts für den erneuten Start

 bei 2113-05-31T11:13:03Z. Fehlercode: 0x80040154.

 

Error - 24.06.2013 07:13:33 | Computer Name = Björn-Laptop | Source = Software Protection Platform Service | ID = 16385

Description = Fehler beim Planen des Softwareschutzdiensts für den erneuten Start

 bei 2113-05-31T11:13:33Z. Fehlercode: 0x80040154.

 

Error - 24.06.2013 07:14:03 | Computer Name = Björn-Laptop | Source = Software Protection Platform Service | ID = 16385

Description = Fehler beim Planen des Softwareschutzdiensts für den erneuten Start

 bei 2113-05-31T11:14:03Z. Fehlercode: 0x80040154.

 

Error - 24.06.2013 07:14:33 | Computer Name = Björn-Laptop | Source = Software Protection Platform Service | ID = 16385

Description = Fehler beim Planen des Softwareschutzdiensts für den erneuten Start

 bei 2113-05-31T11:14:33Z. Fehlercode: 0x80040154.

 

Error - 24.06.2013 07:15:03 | Computer Name = Björn-Laptop | Source = Software Protection Platform Service | ID = 16385

Description = Fehler beim Planen des Softwareschutzdiensts für den erneuten Start

 bei 2113-05-31T11:15:03Z. Fehlercode: 0x80040154.

 

Error - 24.06.2013 07:15:33 | Computer Name = Björn-Laptop | Source = Software Protection Platform Service | ID = 16385

Description = Fehler beim Planen des Softwareschutzdiensts für den erneuten Start

 bei 2113-05-31T11:15:33Z. Fehlercode: 0x80040154.

 

Error - 24.06.2013 07:16:03 | Computer Name = Björn-Laptop | Source = Software Protection Platform Service | ID = 16385

Description = Fehler beim Planen des Softwareschutzdiensts für den erneuten Start

 bei 2113-05-31T11:16:03Z. Fehlercode: 0x80040154.

 

[ System Events ]

Error - 06.04.2013 14:37:31 | Computer Name = Björn-Laptop | Source = bowser | ID = 8003

Description = 

 

Error - 06.05.2013 09:44:17 | Computer Name = Björn-Laptop | Source = Service Control Manager | ID = 7009

Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst

 Steam Client Service erreicht.

 

Error - 06.05.2013 09:44:17 | Computer Name = Björn-Laptop | Source = Service Control Manager | ID = 7000

Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers

 nicht gestartet:   %%1053

 

Error - 06.05.2013 15:09:46 | Computer Name = Björn-Laptop | Source = bowser | ID = 8003

Description = 

 

Error - 14.05.2013 13:34:13 | Computer Name = Björn-Laptop | Source = NetBT | ID = 4321

Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit

 IP-Adresse 192.168.2.101  registriert werden. Der Computer mit IP-Adresse 192.168.2.103

 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.

 

Error - 27.05.2013 04:32:54 | Computer Name = Björn-Laptop | Source = bowser | ID = 8003

Description = 

 

Error - 27.05.2013 11:21:26 | Computer Name = Björn-Laptop | Source = Service Control Manager | ID = 7009

Description = Das Zeitlimit (180000 ms) wurde beim Verbindungsversuch mit dem Dienst

 Steam Client Service erreicht.

 

Error - 27.05.2013 11:21:26 | Computer Name = Björn-Laptop | Source = Service Control Manager | ID = 7000

Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers

 nicht gestartet:   %%1053

 

Error - 06.06.2013 18:37:43 | Computer Name = Björn-Laptop | Source = DCOM | ID = 10010

Description = 

 

Error - 08.06.2013 12:28:43 | Computer Name = Björn-Laptop | Source = bowser | ID = 8003

Description = 

 

 

< End of report >

gmer.txt :

Code:

GMER 2.1.19163 - hxxp://www.gmer.net

Rootkit scan 2013-06-24 13:50:36

Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000045 ST500LM012_HN-M500MBB rev.2AR10001 465,76GB

Running: gmer_2.1.19163.exe; Driver: C:\Users\BJRN~1\AppData\Local\Temp\pglcypog.sys
 
 

---- Kernel code sections - GMER 2.1 ----
 

.text   C:\Windows\system32\ntoskrnl.exe!KiCpuId + 988                                                                                                 fffff801288cb41c 1 byte [31]
 

---- User code sections - GMER 2.1 ----
 

.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1152] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                              000007fcb94c1532 4 bytes [4C, B9, FC, 07]

.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1152] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                              000007fcb94c153a 4 bytes [4C, B9, FC, 07]

.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1152] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                            000007fcb94c165a 4 bytes [4C, B9, FC, 07]

.text   C:\Windows\system32\nvvsvc.exe[1164] C:\Windows\system32\MSIMG32.dll!GradientFill + 690                                                        000007fcb94c1532 4 bytes [4C, B9, FC, 07]

.text   C:\Windows\system32\nvvsvc.exe[1164] C:\Windows\system32\MSIMG32.dll!GradientFill + 698                                                        000007fcb94c153a 4 bytes [4C, B9, FC, 07]

.text   C:\Windows\system32\nvvsvc.exe[1164] C:\Windows\system32\MSIMG32.dll!TransparentBlt + 246                                                      000007fcb94c165a 4 bytes [4C, B9, FC, 07]

.text   C:\Windows\system32\nvvsvc.exe[1164] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                              000007fcbccf177a 4 bytes [CF, BC, FC, 07]

.text   C:\Windows\system32\nvvsvc.exe[1164] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                              000007fcbccf1782 4 bytes [CF, BC, FC, 07]

.text   C:\Windows\Explorer.EXE[2588] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                               000007fcb94c1532 4 bytes [4C, B9, FC, 07]

.text   C:\Windows\Explorer.EXE[2588] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                               000007fcb94c153a 4 bytes [4C, B9, FC, 07]

.text   C:\Windows\Explorer.EXE[2588] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                             000007fcb94c165a 4 bytes [4C, B9, FC, 07]

.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3268] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                000007fcb94c1532 4 bytes [4C, B9, FC, 07]

.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3268] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                000007fcb94c153a 4 bytes [4C, B9, FC, 07]

.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3268] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                              000007fcb94c165a 4 bytes [4C, B9, FC, 07]

.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3544] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                       000007fcb94c1532 4 bytes [4C, B9, FC, 07]

.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3544] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                       000007fcb94c153a 4 bytes [4C, B9, FC, 07]

.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3544] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                     000007fcb94c165a 4 bytes [4C, B9, FC, 07]

.text   C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[3556] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                     000007fcb94c1532 4 bytes [4C, B9, FC, 07]

.text   C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[3556] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                     000007fcb94c153a 4 bytes [4C, B9, FC, 07]

.text   C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[3556] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                   000007fcb94c165a 4 bytes [4C, B9, FC, 07]

.text   C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3564] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                   000007fcb94c1532 4 bytes [4C, B9, FC, 07]

.text   C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3564] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                   000007fcb94c153a 4 bytes [4C, B9, FC, 07]

.text   C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3564] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                 000007fcb94c165a 4 bytes [4C, B9, FC, 07]

.text   C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3564] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742                                       000007fcabe61b32 4 bytes [E6, AB, FC, 07]

.text   C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3564] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750                                       000007fcabe61b3a 4 bytes [E6, AB, FC, 07]

.text   C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe[4084] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690    000007fcb94c1532 4 bytes [4C, B9, FC, 07]

.text   C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe[4084] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698    000007fcb94c153a 4 bytes [4C, B9, FC, 07]

.text   C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe[4084] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246  000007fcb94c165a 4 bytes [4C, B9, FC, 07]

.text   C:\Windows\system32\igfxpers.exe[3816] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                            000007fcbccf177a 4 bytes [CF, BC, FC, 07]

.text   C:\Windows\system32\igfxpers.exe[3816] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                            000007fcbccf1782 4 bytes [CF, BC, FC, 07]

.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[2832] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742                                        000007fcabe61b32 4 bytes [E6, AB, FC, 07]

.text   C:\Program Files\Windows Media Player\wmpnetwk.exe[2832] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750                                        000007fcabe61b3a 4 bytes [E6, AB, FC, 07]
 

---- Threads - GMER 2.1 ----
 

Thread  C:\Windows\system32\csrss.exe [608:632]                                                                                                        fffff9600080d5e8

Thread   [1452:1520]                                                                                                                                   00000000772850a7

Thread   [1452:1528]                                                                                                                                   0000000076038064

Thread   [1452:1552]                                                                                                                                   00000000746bc59c

Thread   [1452:1656]                                                                                                                                   00000000746bc59c

Thread   [1452:1660]                                                                                                                                   00000000746bc59c

Thread   [1452:1664]                                                                                                                                   00000000746bc59c

Thread   [1452:1676]                                                                                                                                   00000000745e304c

Thread  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe [3140:3632]                     000007fcbec5e400

Thread  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe [3140:4752]                     000007fcbeb5b248

Thread  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe [3140:4576]                     000007fcb28077b0

Thread  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe [3140:4248]                     000007fcb28077b0

Thread  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe [3140:4856]                     000007fcbc005990

Thread  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe [3140:4912]                     000007fcbcadb364

Thread  C:\Windows\SYSTEM32\ntdll.dll [892:2104]                                                                                                       00000000011c44e1

Thread  C:\Windows\SYSTEM32\ntdll.dll [892:580]                                                                                                        0000000070d78c4c

Thread  C:\Windows\SYSTEM32\ntdll.dll [892:1220]                                                                                                       0000000070d78f21

Thread  C:\Windows\SYSTEM32\ntdll.dll [892:3372]                                                                                                       0000000070d78822

Thread  C:\Windows\SYSTEM32\ntdll.dll [892:1768]                                                                                                       00000000728f97fe
 

---- Disk sectors - GMER 2.1 ----
 

Disk    \Device\Harddisk0\DR0                                                                                                                          unknown MBR code
 

---- EOF - GMER 2.1 ----

Ich hoffe sehr, dass ihr mir helfen könnt mein System wieder vollständig zu säubern :)
Viele Grüße
Björn

Hey,
danke für die schnelle Antwort erstmal, hier sind die Logs:

FRST:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2013

Ran by Björn (administrator) on 24-06-2013 14:52:36

Running from C:\Users\Björn\Desktop

Windows 8 (X64) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 

==================== Processes (Whitelisted) =================
 

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe

(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe

(Microsoft Corporation) C:\Windows\system32\dashost.exe

(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe

(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe

(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe

(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe

() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe

(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe

(Intel Corporation) C:\Windows\system32\igfxpers.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12503184 2012-06-11] (Realtek Semiconductor)

HKLM\...\Run: [BtTray] "C:\Program Files (x86)\Bluetooth Suite\BtTray.exe" [765056 2012-09-29] (Qualcomm Atheros)

HKLM\...\Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [127616 2012-09-29] (Atheros Communications)

HKLM\...\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-09-11] (ASUS)

HKLM-x32\...\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [91432 2012-03-28] (CyberLink Corp.)

HKLM-x32\...\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [78352 2012-05-23] (cyberlink)

HKLM-x32\...\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe /S [3417984 2012-08-28] (ASUS Cloud Corporation)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-24] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)

AppInit_DLLs: C:\Windows\system32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)

AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)

Startup: C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AsusTPLauncher - Verknüpfung.lnk

ShortcutTarget: AsusTPLauncher - Verknüpfung.lnk -> C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe (AsusTek)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com

HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\o7rljfli.default

FF Homepage: hxxp://www.gmx.net/

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()

FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Extension: No Name - C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\o7rljfli.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
 

Chrome: 

=======

CHR RestoreOnStartup: "hxxp://www.gmx.net/"

CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll ()

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()

CHR Extension: (Google Docs) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0

CHR Extension: (Google Drive) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0

CHR Extension: (YouTube) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (Google Search) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (Battlefield Play4Free) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh\1.0.96.0_0

CHR Extension: (Gmail) - C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
 

==================== Services (Whitelisted) =================
 

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-24] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-24] (Avira Operations GmbH & Co. KG)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [220288 2012-09-29] (Qualcomm Atheros Commnucations)

S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243728 2012-05-23] (CyberLink)

R2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe [81920 2008-06-13] (Firebird Project)

R3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe [2723840 2008-06-13] (Firebird Project)

R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)

R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-02-04] ()

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)

R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-29] (Atheros)
 

==================== Drivers (Whitelisted) ====================
 

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-29] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130016 2013-03-29] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-03-29] (Avira Operations GmbH & Co. KG)

R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )

U0 msahci; 

S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [x]

S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [x]

U3 pglcypog; \??\C:\Users\BJRN~1\AppData\Local\Temp\pglcypog.sys [x]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-06-24 14:52 - 2013-06-24 14:52 - 00000000 ____D C:\FRST

2013-06-24 14:49 - 2013-06-24 14:49 - 01931364 ____A (Farbar) C:\Users\Björn\Desktop\FRST64.exe

2013-06-24 13:50 - 2013-06-24 13:50 - 00010231 ____A C:\Users\Björn\Desktop\gmer.log

2013-06-24 13:31 - 2013-06-24 13:31 - 00377856 ____A C:\Users\Björn\Desktop\gmer_2.1.19163.exe

2013-06-24 13:16 - 2013-06-24 13:16 - 00068586 ____A C:\Users\Björn\Desktop\Extras.Txt

2013-06-24 13:15 - 2013-06-24 13:15 - 00102648 ____A C:\Users\Björn\Desktop\OTL.Txt

2013-06-24 13:10 - 2013-06-24 13:10 - 00602112 ____A (OldTimer Tools) C:\Users\Björn\Desktop\OTL.exe

2013-06-24 13:10 - 2013-06-24 13:10 - 00000472 ____A C:\Users\Björn\Desktop\defogger_disable.log

2013-06-24 13:10 - 2013-06-24 13:10 - 00000000 ____A C:\Users\Björn\defogger_reenable

2013-06-24 13:03 - 2013-06-24 13:02 - 00050477 ____A C:\Users\Björn\Desktop\Defogger.exe

2013-06-12 20:54 - 2013-06-24 12:58 - 00952150 ____A C:\Windows\WindowsUpdate.log

2013-06-07 21:23 - 2013-06-21 09:10 - 00058362 ____A C:\Windows\DPINST.LOG

2013-06-07 15:38 - 2013-06-24 11:42 - 00000000 ____D C:\Program Files\Nightly

2013-06-07 15:38 - 2013-06-08 12:17 - 00000000 ____D C:\Users\Björn\AppData\Roaming\Mozilla

2013-06-07 15:38 - 2013-06-07 15:38 - 00000864 ____A C:\Users\Public\Desktop\Nightly.lnk

2013-06-07 15:36 - 2013-06-07 15:37 - 24250211 ____A (Mozilla) C:\Users\Björn\Downloads\firefox-24.0a1.en-US.win64-x86_64.installer.exe

2013-06-07 15:09 - 2013-06-20 14:07 - 00002185 ____A C:\Users\Public\Desktop\Google Chrome.lnk

2013-06-07 15:07 - 2013-06-07 15:07 - 00001130 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-06-07 15:06 - 2013-06-07 15:07 - 00000000 ____D C:\Users\Björn\AppData\Local\Deployment

2013-06-07 15:06 - 2013-06-07 15:06 - 00000000 ____D C:\Users\Björn\AppData\Local\Apps\2.0

2013-06-07 14:37 - 2013-06-07 14:37 - 02143832 ____A C:\Users\Björn\Downloads\instsf449.exe

2013-06-07 14:37 - 2013-06-07 14:37 - 00000045 ____A C:\Windows\SysWOW64\initdebug.nfo

2013-06-07 13:18 - 2013-06-24 11:42 - 00009494 ____A C:\Windows\PFRO.log

2013-06-07 11:54 - 2013-06-07 11:54 - 00004032 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log

2013-06-07 00:44 - 2013-06-07 00:44 - 00308656 ____A C:\Windows\System32\FNTCACHE.DAT

2013-06-07 00:36 - 2013-06-24 11:40 - 00000000 ____D C:\Users\Björn\AppData\Roaming\Inkued

2013-06-07 00:36 - 2013-06-23 21:22 - 00000000 ____D C:\Users\Björn\AppData\Roaming\Nyhet

2013-06-07 00:36 - 2013-06-07 00:36 - 00000000 ____D C:\Users\Björn\AppData\Roaming\Syehym

2013-05-28 11:15 - 2013-05-28 11:15 - 00000000 ____D C:\Users\Björn\AppData\Local\Activision

2013-05-27 17:37 - 2013-05-27 17:37 - 00000221 ____A C:\Users\Björn\Desktop\Call of Duty Black Ops - Multiplayer.url
 

==================== One Month Modified Files and Folders =======
 

2013-06-24 14:52 - 2013-06-24 14:52 - 00000000 ____D C:\FRST

2013-06-24 14:49 - 2013-06-24 14:49 - 01931364 ____A (Farbar) C:\Users\Björn\Desktop\FRST64.exe

2013-06-24 14:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\System32\sru

2013-06-24 13:50 - 2013-06-24 13:50 - 00010231 ____A C:\Users\Björn\Desktop\gmer.log

2013-06-24 13:42 - 2012-12-19 21:18 - 00000401 ____A C:\Users\Björn\AppData\Roaming\sp_data.sys

2013-06-24 13:31 - 2013-06-24 13:31 - 00377856 ____A C:\Users\Björn\Desktop\gmer_2.1.19163.exe

2013-06-24 13:16 - 2013-06-24 13:16 - 00068586 ____A C:\Users\Björn\Desktop\Extras.Txt

2013-06-24 13:15 - 2013-06-24 13:15 - 00102648 ____A C:\Users\Björn\Desktop\OTL.Txt

2013-06-24 13:10 - 2013-06-24 13:10 - 00602112 ____A (OldTimer Tools) C:\Users\Björn\Desktop\OTL.exe

2013-06-24 13:10 - 2013-06-24 13:10 - 00000472 ____A C:\Users\Björn\Desktop\defogger_disable.log

2013-06-24 13:10 - 2013-06-24 13:10 - 00000000 ____A C:\Users\Björn\defogger_reenable

2013-06-24 13:10 - 2012-12-19 21:14 - 00000000 ____D C:\users\Björn

2013-06-24 13:02 - 2013-06-24 13:03 - 00050477 ____A C:\Users\Björn\Desktop\Defogger.exe

2013-06-24 12:58 - 2013-06-12 20:54 - 00952150 ____A C:\Windows\WindowsUpdate.log

2013-06-24 12:22 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent

2013-06-24 11:42 - 2013-06-07 15:38 - 00000000 ____D C:\Program Files\Nightly

2013-06-24 11:42 - 2013-06-07 13:18 - 00009494 ____A C:\Windows\PFRO.log

2013-06-24 11:41 - 2012-07-26 07:26 - 00262144 __ASH C:\Windows\System32\config\BBI

2013-06-24 11:40 - 2013-06-07 00:36 - 00000000 ____D C:\Users\Björn\AppData\Roaming\Inkued

2013-06-24 11:36 - 2012-12-20 18:04 - 00000000 ____D C:\Users\Björn\AppData\Roaming\Skype

2013-06-24 11:21 - 2013-05-08 15:04 - 00083672 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys

2013-06-23 21:22 - 2013-06-07 00:36 - 00000000 ____D C:\Users\Björn\AppData\Roaming\Nyhet

2013-06-23 20:57 - 2012-12-21 17:47 - 00282104 ____A C:\Windows\SysWOW64\PnkBstrB.xtr

2013-06-23 20:57 - 2012-12-20 19:58 - 00282104 ____A C:\Windows\SysWOW64\PnkBstrB.exe

2013-06-23 20:57 - 2012-12-20 19:58 - 00234768 ____A C:\Windows\SysWOW64\PnkBstrB.ex0

2013-06-23 11:19 - 2013-01-13 20:52 - 00000000 ____D C:\Users\Björn\AppData\Roaming\Nettalk

2013-06-23 11:02 - 2012-08-03 01:02 - 00753134 ____A C:\Windows\System32\perfh007.dat

2013-06-23 11:02 - 2012-08-03 01:02 - 00155826 ____A C:\Windows\System32\perfc007.dat

2013-06-23 11:02 - 2012-07-26 09:28 - 01745416 ____A C:\Windows\System32\PerfStringBackup.INI

2013-06-23 02:06 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\System32\NDF

2013-06-21 09:10 - 2013-06-07 21:23 - 00058362 ____A C:\Windows\DPINST.LOG

2013-06-20 14:07 - 2013-06-07 15:09 - 00002185 ____A C:\Users\Public\Desktop\Google Chrome.lnk

2013-06-19 19:12 - 2013-01-03 19:38 - 00203776 __ASH C:\Users\Björn\Desktop\Thumbs.db

2013-06-13 16:18 - 2013-01-09 14:02 - 00000000 ____D C:\Users\Björn\AppData\Local\CrashDumps

2013-06-08 12:17 - 2013-06-07 15:38 - 00000000 ____D C:\Users\Björn\AppData\Roaming\Mozilla

2013-06-08 12:17 - 2012-12-19 21:26 - 00000000 ____D C:\Users\Björn\AppData\Local\Mozilla

2013-06-07 15:38 - 2013-06-07 15:38 - 00000864 ____A C:\Users\Public\Desktop\Nightly.lnk

2013-06-07 15:37 - 2013-06-07 15:36 - 24250211 ____A (Mozilla) C:\Users\Björn\Downloads\firefox-24.0a1.en-US.win64-x86_64.installer.exe

2013-06-07 15:34 - 2013-05-20 22:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-06-07 15:09 - 2013-02-21 19:10 - 00000000 ____D C:\Users\Björn\AppData\Local\Google

2013-06-07 15:08 - 2013-02-21 19:10 - 00000000 ____D C:\Program Files (x86)\Google

2013-06-07 15:07 - 2013-06-07 15:07 - 00001130 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-06-07 15:07 - 2013-06-07 15:06 - 00000000 ____D C:\Users\Björn\AppData\Local\Deployment

2013-06-07 15:06 - 2013-06-07 15:06 - 00000000 ____D C:\Users\Björn\AppData\Local\Apps\2.0

2013-06-07 14:37 - 2013-06-07 14:37 - 02143832 ____A C:\Users\Björn\Downloads\instsf449.exe

2013-06-07 14:37 - 2013-06-07 14:37 - 00000045 ____A C:\Windows\SysWOW64\initdebug.nfo

2013-06-07 13:08 - 2013-04-03 23:40 - 00000000 ____D C:\Program Files (x86)\Steam

2013-06-07 13:05 - 2013-01-27 14:33 - 00000000 ____D C:\ProgramData\Ubisoft

2013-06-07 13:04 - 2013-01-27 14:09 - 00000000 ____D C:\Program Files (x86)\Ubisoft

2013-06-07 11:57 - 2012-07-26 09:22 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-06-07 11:54 - 2013-06-07 11:54 - 00004032 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log

2013-06-07 11:54 - 2013-04-14 12:02 - 00000000 ____D C:\Program Files (x86)\Java

2013-06-07 00:44 - 2013-06-07 00:44 - 00308656 ____A C:\Windows\System32\FNTCACHE.DAT

2013-06-07 00:36 - 2013-06-07 00:36 - 00000000 ____D C:\Users\Björn\AppData\Roaming\Syehym

2013-05-28 11:15 - 2013-05-28 11:15 - 00000000 ____D C:\Users\Björn\AppData\Local\Activision

2013-05-27 17:37 - 2013-05-27 17:37 - 00000221 ____A C:\Users\Björn\Desktop\Call of Duty Black Ops - Multiplayer.url
 

Files to move or delete:

====================

C:\ProgramData\SetStretch.exe
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2013-06-01 14:05
 

==================== End Of Log ============================

--- --- ---

Addition:

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-06-2013

Ran by Björn at 2013-06-24 14:53:05

Running from C:\Users\Björn\Desktop

Boot Mode: Normal

==========================================================
 
 

==================== Installed Programs =======================
 

Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.202)

Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)

ASUS Instant Connect (x32 Version: 1.2.8)

ASUS InstantOn (x32 Version: 3.0.4)

ASUS LifeFrame3 (x32 Version: 3.1.9)

ASUS Live Update (x32 Version: 3.1.9)

ASUS Power4Gear Hybrid (Version: 2.0.4)

ASUS Product Demo Movie  (x32 Version: 1.0.3)

ASUS Smart Gesture (x32 Version: 1.0.35)

ASUS Splendid Video Enhancement Technology (x32 Version: 1.03.0005)

ASUS Tutor (x32 Version: 1.0.7)

ASUS USB Charger Plus (x32 Version: 2.1.5)

ASUS WebStorage Sync Agent (x32 Version: 1.1.9.120)

ASUSDVD (x32 Version: 10.0.4126.52)

ATK Package (x32 Version: 1.0.0023)

Avira Free Antivirus (x32 Version: 13.0.0.3736)

Battlefield Play4Free (Björn) (HKCU)

Call of Duty: Black Ops - Multiplayer (x32)

CCleaner (Version: 3.27)

Command & Conquer Generals (x32 Version: 0.50.0000)

Command & Conquer™ Alarmstufe Rot 3 (x32 Version: 1.0.1.0)

Command and Conquer(TM) Generäle Die Stunde Null  (x32 Version: 1.00.0000)

Company of Heroes - FAKEMSI (x32 Version: 2.0.0.0)

Company of Heroes (x32 Version: 2.602.0)

Diablo III (x32 Version: 1.0.7.15295)

Firebird 2.1.1.17910 (Win32) (x32 Version: 2.1.1.17910)

Google Chrome (x32 Version: 27.0.1453.116)

Google Update Helper (x32 Version: 1.3.21.145)

Intel(R) Management Engine Components (x32 Version: 8.1.0.1252)

Intel(R) Processor Graphics (x32 Version: 9.17.10.2843)

Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149)

Intel® Trusted Connect Service Client (Version: 1.24.388.1)

Java 7 Update 21 (64-bit) (Version: 7.0.210)

Java 7 Update 21 (x32 Version: 7.0.210)

Java Auto Updater (x32 Version: 2.1.9.5)

Medieval II Total War (x32 Version: 1.00.0000)

Microsoft Office (x32 Version: 14.0.6120.5004)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)

MSI to redistribute MS VS2005 CRT libraries (x32 Version: 8.0.50727.42)

Nettalk 6.7 (x32)

Nightly 24.0a1 (x64 en-US) (Version: 24.0a1)

NVIDIA Grafiktreiber 306.97 (Version: 306.97)

NVIDIA Install Application (Version: 2.1002.85.551)

NVIDIA Optimus 1.10.8 (Version: 1.10.8)

NVIDIA PhysX (x32 Version: 9.12.0613)

NVIDIA PhysX System Software 9.12.0613 (Version: 9.12.0613)

NVIDIA Systemsteuerung 306.97 (Version: 306.97)

NVIDIA Update 1.10.8 (Version: 1.10.8)

NVIDIA Update Components (Version: 1.10.8)

OpenOffice.org 3.4.1 (x32 Version: 3.41.9593)

PunkBuster Services (x32 Version: 0.990)

Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.210)

Qualcomm Atheros Client Installation Program (x32 Version: 10.0)

Realtek Ethernet Controller Driver (x32 Version: 8.3.730.2012)

Realtek High Definition Audio Driver (x32 Version: 6.0.1.6657)

Realtek USB 2.0 Card Reader (x32 Version: 6.1.8400.30136)

S4 League_EU (x32 Version: 1.00.0000)

Shared C Run-time for x64 (Version: 10.0.0)

Skype™ 6.3 (x32 Version: 6.3.107)

Steam (x32 Version: 1.0.0.0)

TeamSpeak 3 Client (HKCU Version: 3.0.10.1)

Ubisoft Game Launcher (x32 Version: 1.0.0.0)

Windows-Treiberpaket - ASUS (ATP) Mouse  (10/13/2012 1.0.0.146) (Version: 10/13/2012 1.0.0.146)

Windows-Treiberpaket - ASUS (ATP) Mouse  (10/29/2012 1.0.0.148) (Version: 10/29/2012 1.0.0.148)

WinFlash (x32 Version: 2.41.1)

WinRAR 4.20 (64-Bit) (Version: 4.20.0)
 

==================== Restore Points  =========================
 

28-05-2013 09:13:18 DirectX wurde installiert

04-06-2013 15:41:24 Windows Update

07-06-2013 09:54:02 Installed Java 7 Update 21
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {10D85952-E3F6-47A1-96CF-5E1C2D874EA6} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-26] (Microsoft Corporation)

Task: {13A2AC02-B682-48CC-9155-2E2673580117} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical

Task: {17644F17-DC4C-4AC8-9444-7AAA52EB5CDC} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler

Task: {1967836F-4E29-498B-A95C-D2EE29D978CE} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)

Task: {1DB7C2F1-876C-4F24-AD17-8428211113F9} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents

Task: {214B24F4-FEB4-4C59-AF1F-70136065199C} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance

Task: {23700E5C-0E77-499D-908A-415D5C6252F4} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy

Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)

Task: {2755EC75-39D7-47F8-8CCE-90094B9719E2} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => C:\Windows\system32\sc.exe [2012-07-26] (Microsoft Corporation)

Task: {295D7AFB-1751-4BE3-A325-1788AA40047B} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect

Task: {299B2E56-8414-41D5-B5DF-DA2F2F1685D2} - System32\Tasks\WPD\SqmUpload_S-1-5-21-2609407685-374623224-4235352812-1002 => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)

Task: {2C6B9EA8-7F5A-4ABA-BF96-8D352D02A743} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh

Task: {2E030FA7-3D7C-4E1D-8CFE-56ADB26FD402} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks

Task: {3054485A-F517-4E95-9977-4DD827B1E9B3} - System32\Tasks\Microsoft\Windows\WS\Badge Update

Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator

Task: {3AE164E7-30CD-40BC-9422-3EC7A5618965} - System32\Tasks\Microsoft\Windows\WS\WSTask

Task: {3C490ABD-D849-41AF-9AC4-87DD759B0996} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem

Task: {3D46BC9E-4400-4012-85C7-A74744E7EC99} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)

Task: {4073C1B3-6E16-4AA8-B7F3-C6A6D35D5071} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance

Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage

Task: {483A8F5C-5D26-44B5-B49E-AF6741D1BBEB} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2012-07-26] (Microsoft Corporation)

Task: {4B952129-9AE9-41A3-BE2B-8AD2E06F66B6} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon

Task: {5755E746-D7ED-4C20-A472-66C11834CDE4} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance

Task: {5917AE2C-D03A-46DB-961D-A6F3E4CF1986} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-01-23] (Piriform Ltd)

Task: {5C4EFB77-EFA6-45DF-A373-D795C0725BFF} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required

Task: {627441F3-8526-4B62-BF9A-1A3EA414E71A} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-26] (Microsoft Corporation)

Task: {6E7A6BE3-F6A3-476D-8DE8-4C9D897AFABC} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2609407685-374623224-4235352812-1002

Task: {6E9DE125-5583-4031-B572-FEE48F25CFFF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-20] (Microsoft Corporation)

Task: {6FDDEA7C-6310-428D-AEB2-54FFC72811EF} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319

Task: {74096F94-B654-4DB0-96F5-3C3408B92FE3} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update

Task: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance

Task: {818DA099-2326-4B3B-B675-1FE4ED4BF9C8} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-08-22] (ASUSTeK Computer Inc.)

Task: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance

Task: {87354DAA-66DF-4B41-9346-15958D96E1D2} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)

Task: {921A1D4E-32FB-46D7-B6C0-6F467884074D} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses

Task: {9479EF8E-11D4-41B3-9783-CC65070D592D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime

Task: {94DCF254-64FB-4C4E-8E12-5F4055C10C2A} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64

Task: {989A7C6D-BE82-4C3C-AF96-6116039E336B} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic

Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)

Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask

Task: {AB407FD1-FA46-40BF-A2F5-C284373E30BD} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2012-09-20] (Microsoft Corporation)

Task: {AB62FA47-2C99-44B1-A5D0-D4161423BE43} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh

Task: {AB96B97B-39C2-46A2-876A-EEB6AE199033} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup => C:\Windows\System32\dism.exe [2012-07-26] (Microsoft Corporation)

Task: {ABBE31E9-8BEE-4118-A5FB-F1A192A28940} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall

Task: {AC6259DE-AC59-459E-849E-6ADFFD1ADE63} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask

Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask

Task: {AF549BD8-337C-4BF7-8681-36A182E30507} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan

Task: {AFA7F299-EBB3-4DBA-A49F-1A2C7A19F6E3} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)

Task: {BAAFCCB0-EF6C-4899-A647-A634DDB564EB} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-09-24] (ASUS)

Task: {BC753DAC-647C-4FF8-AFFA-45BE38C7819F} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-10-31] (AsusTek)

Task: {BC76AEF7-2CF0-4EB6-B65B-A8803E0B5E12} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific

Task: {C1ACCD1E-4385-4FB2-B5E4-7F2A57A626A2} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan

Task: {C463FD1E-31C7-4C20-AB65-08E514CA152D} - System32\Tasks\Microsoft\Windows\IME\SQM data sender

Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)

Task: {CBE3AAC9-6FBE-4587-A436-388A7C353DF1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-07] (Google Inc.)

Task: {CD1054FF-8005-4904-8B9C-436EAB1E2021} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork

Task: {DBCF6E1B-CE0A-441E-B7A5-219C8BE50C65} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical

Task: {DECE5921-598D-454B-9A04-B2DE95EFC1B3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery

Task: {E4DFE66F-E089-4CC3-A70F-957223D565F4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask

Task: {E8DAA09B-DF2A-4951-9134-6FA9587793F9} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-20] (Microsoft Corporation)

Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)

Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (06/24/2013 02:52:48 PM) (Source: Software Protection Platform Service) (User: )

Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2113-05-31T12:52:48Z. Fehlercode: 0x80040154.
 

Error: (06/24/2013 02:52:18 PM) (Source: Software Protection Platform Service) (User: )

Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2113-05-31T12:52:18Z. Fehlercode: 0x80040154.
 

Error: (06/24/2013 02:51:21 PM) (Source: Software Protection Platform Service) (User: )

Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2113-05-31T12:51:21Z. Fehlercode: 0x80040154.
 

Error: (06/24/2013 02:50:51 PM) (Source: Software Protection Platform Service) (User: )

Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2113-05-31T12:50:51Z. Fehlercode: 0x80040154.
 

Error: (06/24/2013 02:50:21 PM) (Source: Software Protection Platform Service) (User: )

Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2113-05-31T12:50:21Z. Fehlercode: 0x80040154.
 

Error: (06/24/2013 02:49:51 PM) (Source: Software Protection Platform Service) (User: )

Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2113-05-31T12:49:51Z. Fehlercode: 0x80040154.
 

Error: (06/24/2013 02:49:21 PM) (Source: Software Protection Platform Service) (User: )

Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2113-05-31T12:49:21Z. Fehlercode: 0x80040154.
 

Error: (06/24/2013 02:48:51 PM) (Source: Software Protection Platform Service) (User: )

Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2113-05-31T12:48:51Z. Fehlercode: 0x80040154.
 

Error: (06/24/2013 02:48:21 PM) (Source: Software Protection Platform Service) (User: )

Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2113-05-31T12:48:21Z. Fehlercode: 0x80040154.
 

Error: (06/24/2013 02:47:51 PM) (Source: Software Protection Platform Service) (User: )

Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2113-05-31T12:47:51Z. Fehlercode: 0x80040154.
 
 

System errors:

=============

Error: (06/24/2013 01:40:20 PM) (Source: EventLog) (User: )

Description: Das System wurde zuvor am ?24.?06.?2013 um 13:02:28 unerwartet heruntergefahren.
 

Error: (06/08/2013 06:28:43 PM) (Source: bowser) (User: )

Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "BEATE-LAPTOP",

der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{56A97C74-4CAD-41E1-850E-506B76A221CA}-Transport zu sein scheint.

Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
 

Error: (06/07/2013 00:37:43 AM) (Source: DCOM) (User: BJÖRN-LAPTOP)

Description: {E70C92A9-4BFD-11D1-8A95-00C04FB951F3}
 

Error: (05/27/2013 05:21:26 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%1053
 

Error: (05/27/2013 05:21:26 PM) (Source: Service Control Manager) (User: )

Description: Das Zeitlimit (180000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.
 

Error: (05/27/2013 10:32:54 AM) (Source: bowser) (User: )

Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "BEATE-LAPTOP",

der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{56A97C74-4CAD-41E1-850E-506B76A221CA}-Transport zu sein scheint.

Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
 

Error: (05/14/2013 07:34:13 PM) (Source: NetBT) (User: )

Description: Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.101

registriert werden. Der Computer mit IP-Adresse 192.168.2.103 hat nicht

zugelassen, dass dieser Computer diesen Namen verwendet.
 

Error: (05/06/2013 09:09:46 PM) (Source: bowser) (User: )

Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "BEATE-LAPTOP",

der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{56A97C74-4CAD-41E1-850E-506B76A221CA}-Transport zu sein scheint.

Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
 

Error: (05/06/2013 03:44:17 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%1053
 

Error: (05/06/2013 03:44:17 PM) (Source: Service Control Manager) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.
 
 

Microsoft Office Sessions:

=========================

Error: (06/24/2013 02:53:18 PM) (Source: Software Protection Platform Service)(User: )

Description: 0x800401542113-05-31T12:53:18Z
 

Error: (06/24/2013 02:52:48 PM) (Source: Software Protection Platform Service)(User: )

Description: 0x800401542113-05-31T12:52:48Z
 

Error: (06/24/2013 02:52:18 PM) (Source: Software Protection Platform Service)(User: )

Description: 0x800401542113-05-31T12:52:18Z
 

Error: (06/24/2013 02:51:21 PM) (Source: Software Protection Platform Service)(User: )

Description: 0x800401542113-05-31T12:51:21Z
 

Error: (06/24/2013 02:50:51 PM) (Source: Software Protection Platform Service)(User: )

Description: 0x800401542113-05-31T12:50:51Z
 

Error: (06/24/2013 02:50:21 PM) (Source: Software Protection Platform Service)(User: )

Description: 0x800401542113-05-31T12:50:21Z
 

Error: (06/24/2013 02:49:51 PM) (Source: Software Protection Platform Service)(User: )

Description: 0x800401542113-05-31T12:49:51Z
 

Error: (06/24/2013 02:49:21 PM) (Source: Software Protection Platform Service)(User: )

Description: 0x800401542113-05-31T12:49:21Z
 

Error: (06/24/2013 02:48:51 PM) (Source: Software Protection Platform Service)(User: )

Description: 0x800401542113-05-31T12:48:51Z
 

Error: (06/24/2013 02:48:21 PM) (Source: Software Protection Platform Service)(User: )

Description: 0x800401542113-05-31T12:48:21Z
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 19%

Total physical RAM: 8069.52 MB

Available physical RAM: 6483.8 MB

Total Pagefile: 9285.52 MB

Available Pagefile: 7781.48 MB

Total Virtual: 8192 MB

Available Virtual: 8191.77 MB
 

==================== Drives ================================
 

Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:77.82 GB) NTFS (Disk=0 Partition=4) ==>[System with boot components (obtained from reading drive)]

Drive d: (Data) (Fixed) (Total:258.44 GB) (Free:256.24 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (Size: 466 GB) (Disk ID: 4AD209D2)
 

Partition: GPT Partition Type

==================== End Of Log ============================

Gruß
Björn